Facebook porn culprits identified

Facebook says it knows who was behind the massive spam attack on the social network last week – although it isn’t naming them – and it intends to take legal action against them.

In a statement released to media outlets, Facebook said that its dedicated enforcement team, “has already identified those responsible and is working with our legal team to ensure appropriate consequences follow.”

Those familiar with Facebook’s history with spammers know that the socnet doesn’t make idle threats when it comes to junco artists. It pursued one spam king, Sanford Wallace, for two years before winning an indictment against him earlier this year.

The indictment accused Wallace of flooding Facebook with 27 million spam messages in 2008 and 2009. It also said that the junk czar used phishing attacks to steal usernames and passwords from victims and used the stolen credentials to post spam to victims’ walls.

Because a threat to take down Facebook was made earlier this year by some members of the hacker collective Anonymous, its name initially surfaced as a possible perpetrator of the attack. That’s unlikely, however, not only because the group called off its action against Facebook, scheduled for November 5, but using shock spam in an attack just isn’t its style.

The spam attack on Facebook began last week when many Facebook users began seeing pornographic and shock spam appearing in their news feeds without any knowledge of how they got there. After some delay, Facebook finally acknowledged that the attacks had taken place.

The social network has an impressive security scheme in place. The Facebook Immunity System (FIS), which analyzes 650,000 actions a second, has done a good job of protecting social networkers from malicious and annoying activity directed at their accounts, but it has its flaws.

For example, earlier this month, researchers showed how botnets could be created to harvest information from members without being detected by FIS. And, obviously, the latest spam deluge dodged detection.

That deluge was based on tricking members into pasting JavaScript code into the address bar of their browsers. The code caused members to share offensive material with their friends.

While praising Facebook’s action in cleaning up the mess, one secure browser maker added that problems with self-inflicted JavaScript infections persist on the network. “Facebook has cleaned up most of the offensive content from in the recent campaign,” noted Mike Geide at the Zscaler blog. “But doing some specific searches, I was able to find some examples of this self-inflicted JS injection technique being used on Facebook.”

“The most common cases are Facebook groups that ask you to join and then enter in some JS into your URL bar,” he said.

Sign up to the Macworld Australia newsletter

Sign up to the newsletter

Please select the newsletter/s you would like to receive: Wednesday HelpdeskFriday RoundupMac in BusinessCountry*Location if Australia*Who are you? *What are you more interested in? *MaciPadiPhoneAppsGadgetsHardwareSoftwareBusiness SolutionsBusiness size *